Cisco Support Community
New Member

SSL persistence using a port other than 443?

I figure this would work, but am looking for some confirmation.

Thanks!

Clayton

4 REPLIES
New Member

Re: SSL persistence using a port other than 443?

This is from Cisco documentation:

The Clients send encrypted traffic on port 443, the standard SSL port. The CSM listens on port 443 and load balances the encrypted traffic to an internal "server farm" of SSL modules. The selected SSL Service Module decrypts the traffic, stamps it with an SSL Session ID, opens a clear-text connection to a Versatile Interface Processor (VIP) on the CSM, and sends the traffic to a port that has been configured to receive "decrypted SSL traffic", for example port 81.

New Member

Re: SSL persistence using a port other than 443?

Thanks, however in our case we are not using the SSL module.

I have since ruled out using SSL persistence due to Internet Explorer renegotiating the SSL session ID every two minutes. This would break the persistence.

I do have a new question. I have not had any luck doing a keepalive check against an https port. I see that there is keepalive http, but no keepalive https. The standard http one fails against SSL-enabled ports.

New Member

Re: SSL persistence using a port other than 443?

Hi,

An option to do SSL keepalive may be to use a TCP based keepalive on port 443.

Regards

New Member

Re: SSL persistence using a port other than 443?

Thanks, that is what I ended up doing. It would be nice to perform an actual GET of a page. Sometimes our applications will hang, but the TCP port will still be listening.
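
The gap described in the last reply (a hung application whose TCP port still accepts connections) can be shown with a small stand-alone probe. This is an added example, not part of the thread and not CSM configuration; the function names and the local "hung" listener are constructed for illustration, and the default TLS context verifies certificates, so pass your own `context` for servers signed by a private CA.

```python
import socket
import ssl
import threading

def tcp_check(host, port, timeout=2.0):
    """TCP keepalive equivalent: healthy if the three-way handshake completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def https_get_check(host, port, path="/", timeout=2.0, context=None):
    """Application-level check: TLS handshake, GET, and a 2xx status line."""
    ctx = context or ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                req = f"GET {path} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
                tls.sendall(req.encode("ascii"))
                status_line = tls.recv(4096).split(b"\r\n", 1)[0].split()
                return len(status_line) >= 2 and status_line[1].startswith(b"2")
    except (OSError, ValueError):  # timeouts and ssl.SSLError are OSError subclasses
        return False

def start_hung_listener():
    """Constructed stand-in for a hung application: accepts TCP, never answers."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    srv.listen(5)
    held = []  # keep accepted sockets open so the client sees no reset

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
                held.append(conn)
            except OSError:
                return

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, srv.getsockname()[1]

if __name__ == "__main__":
    srv, port = start_hung_listener()
    print("tcp_check:      ", tcp_check("127.0.0.1", port))        # port is listening
    print("https_get_check:", https_get_check("127.0.0.1", port))  # no TLS reply in time
    srv.close()
```

Against the hung listener the TCP check reports healthy while the HTTPS GET check times out during the TLS handshake and reports failure, which is the case a port-only keepalive cannot detect.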
